These days, securing your systems and data is of great importance.

One powerful security measure is Multi-Factor Authentication (MFA), which adds an extra layer of protection by requiring users to provide additional credentials beyond just a password.

In this post, I will guide you through the process of setting up MFA on Ubuntu 22.04, enhancing the security of your system.

Prerequisites

Before we begin, make sure you have the following:

• A user account with sudo privileges.
• Ubuntu 22.04 installed (Not tested on other versions).
• An MFA authenticator app, such as Google Authenticator or Authy.

Step 1: Install the Required Packages

The first step is to install the necessary packages that will enable MFA on your Ubuntu system.

Open a terminal and run the following commands:

sudo apt update
sudo apt install libpam-google-authenticator -y

These commands will update your package lists and install the libpam-google-authenticator package, which will be used to generate MFA codes.

Step 2: Configure MFA for a User

Once the package is installed, you can configure MFA for a specific user account.

In the terminal, execute the following command:

google-authenticator

This command will initiate the setup process and present you with a series of questions.

You will be prompted to scan a QR code with an MFA authenticator app, such as Google Authenticator or Authy. Alternatively, you can enter the provided key manually into your authenticator app.

You will be asked if you want to update the .google_authenticator file. Press y and hit Enter to proceed.

You will be asked a series of questions. It is recommended to answer ‘y’ for all the questions to enable the maximum level of security. These questions include options such as disallowing multiple uses of the same authentication token and enabling rate limiting.

Once you have completed the setup, you will be provided with backup codes.

It is crucial to store these backup codes in a secure location, as they can be used to access your account if you lose access to your MFA device.

Step 3: Configure SSH to Use MFA

To enable MFA for SSH logins, you need to configure the SSH daemon to utilise MFA.

Open the SSH configuration file by running the following command:

sudo nano /etc/pam.d/sshd

In the editor, add the following line at the top of the file:

auth required pam_google_authenticator.so

Save the changes and exit the editor by pressing Ctrl + X, followed by Y, and then hitting Enter.

Step 4: Restart SSH Service

To apply the changes made to the SSH configuration, you need to restart the SSH service.

Run the following command to restart SSH:

sudo systemctl restart sshd

Step 5: Test MFA

Now that MFA is set up, it’s time to test if it’s working as expected.

Open a new terminal window and attempt to SSH into your Ubuntu system using the user account you configured for MFA.

You should be prompted for your MFA verification code after entering your password.

Summary

You have successfully set up Multi-Factor Authentication (MFA) on your Ubuntu 22.04 system.

By implementing MFA, you have significantly enhanced the security of your system and reduced the risk of unauthorised access.

Remember to keep your backup codes safe in case you need them.